HIRS/HIRS_ProvisionerTPM2/package/rpm-post-install.sh

71 lines
2.0 KiB
Bash
Raw Normal View History

set -e
if ! [ $(id -u) = 0 ]; then
echo "Please run this script as root."
exit 1
fi
2018-09-06 13:47:33 +00:00
HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config"
mkdir -p /var/log/hirs/provisioner
2019-02-14 17:39:21 +00:00
mkdir -p /etc/hirs/provisioner/certs
ln -s -f /usr/local/bin/hirs-provisioner-tpm2 /usr/sbin/hirs-provisioner-tpm2
ln -s -f /usr/local/bin/tpm_aca_provision /usr/sbin/tpm_aca_provision
2019-02-14 17:39:21 +00:00
ln -s -f /usr/local/bin/tpm_version /usr/sbin/tpm_version
2018-09-06 13:47:33 +00:00
if [ ! -f $HIRS_SITE_CONFIG ]; then
# Create template site config if it does not exist
cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG
#*******************************************
#* HIRS site configuration properties file
#*******************************************
# Client configuration
CLIENT_HOSTNAME=$(hostname -f)
TPM_ENABLED=
IMA_ENABLED=
# Site-specific configuration
ATTESTATION_CA_FQDN=
ATTESTATION_CA_PORT=8443
BROKER_FQDN=
BROKER_PORT=61616
PORTAL_FQDN=
PORTAL_PORT=8443
DEFAULT_SITE_CONFIG_FILE
echo "$HIRS_SITE_CONFIG not found - a template has been created"
echo "Set your site configuration manually in $HIRS_SITE_CONFIG, then run 'hirs-provisioner-tpm2 provision' to provision this system"
fi
2019-02-14 17:39:21 +00:00
ln -s -f /etc/hirs/provisioner/hirs-provisioner.sh /usr/sbin/hirs-provisioner
TCG_BOOT_FILE="/etc/hirs/tcg_boot.properties"
TCG_DIRECTORY="/boot/tcg"
2020-11-30 13:38:46 +00:00
RIM_FILE_LOCATION="$TCG_DIRECTORY/manifest/rim/"
SWIDTAG_FILE_LOCATION="$TCG_DIRECTORY/manifest/swidtag/"
CREDENTIALS_LOCATION="$TCG_DIRECTORY/cert/platform/"
BINARY_BIOS_MEASUREMENTS="/sys/kernel/security/tpm0/binary_bios_measurements"
if [ ! -f "$TCG_BOOT_FILE" ]; then
touch "$TCG_BOOT_FILE"
fi
2020-11-30 13:38:46 +00:00
if [ -d "$RIM_FILE_LOCATION" ]; then
echo "tcg.rim.dir=$RIM_FILE_LOCATION" > "$TCG_BOOT_FILE"
fi
if [ -d "$SWIDTAG_FILE_LOCATION" ]; then
2020-11-30 13:38:46 +00:00
echo "tcg.swidtag.dir=$SWIDTAG_FILE_LOCATION" >> "$TCG_BOOT_FILE"
fi
if [ -d "$CREDENTIALS_LOCATION" ]; then
echo "tcg.cert.dir=$CREDENTIALS_LOCATION" >> "$TCG_BOOT_FILE"
fi
if [ -f "$BINARY_BIOS_MEASUREMENTS" ]; then
echo "tcg.event.file=$BINARY_BIOS_MEASUREMENTS" >> "$TCG_BOOT_FILE"
fi
chmod -w "$TCG_BOOT_FILE"